1. Field of Invention
Embodiments of the present invention relate, in general, to digital networks. More specifically, embodiments of the present invention relate to methods and systems for identifying dead Access Control Entries (ACEs) in an ACL.
2. Description of the Background Art
In a network, a router receives data packets from a source and forwards these data packets to a destination. However, the data packets have to meet certain criteria in order to be forwarded by the router. The specified criteria in an Access Control List (ACL) are included in the router. The ACL includes Access Control Entries (ACEs). These ACEs are statements specifying denials and permissions for forwarding data packets through the router. For example, the ACE can deny the forwarding of a data packet from a certain source through the router. Further, the ACE can deny the forwarding of a data packet through the router to a certain destination. In some cases, the ACE can permit or deny the forwarding of the data packet through the router, irrespective of the source and the destination of the data packet.
The number of ACEs in the ACL varies. For example, data packets with the same source and destination may require only one ACE to specify the denial or the permission. Therefore, the number of ACEs in the ACL may increase with the increase in the traffic through the router or with modifications in the network, such as addition of a network device. However, with time, some ACEs may no longer be valid. For example, an ACE may include a statement of permission or denial to a network that does not exist any more. Such invalid ACEs are considered as dead and unnecessarily occupy space in the ACL. Eliminating dead ACEs can save processing time and increase the speed of a network device because a network device uses high frequency while checking an ACL.